author TreeHugger Robot <treehugger-gerrit@google.com> 2020-01-15 13:37:25 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2020-01-15 13:37:25 +0000
commitd5a97cc0ca063ba7d4b47ed0ff05dbe1a1574dc6 (patch)
treeb991e089f860be4fddc280e3ba6622b5bc5e47e3
parentc691ed8d98d39a4228d9bbbd7015d888dd78e11f (diff)
parent198894291e3659187a963a6ac7c4e67c36f601cb (diff)
Merge "Enable app data isolation by default"
-rw-r--r--core/jni/com_android_internal_os_Zygote.cpp2
-rw-r--r--services/core/java/com/android/server/am/ProcessList.java3
2 files changed, 2 insertions, 3 deletions
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 673772a52212..39ea45a6557e 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -1431,7 +1431,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
// Isolated process / webview / app zygote should be gated by SELinux and file permission
// so they can't even traverse CE / DE directories.
if (pkg_data_info_list != nullptr
- && GetBoolProperty(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, false)) {
+ && GetBoolProperty(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, true)) {
isolateAppData(env, pkg_data_info_list, uid, process_name, managed_nice_name,
fail_fn);
}
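Review bot: The guard in SpecializeCommon re-reads ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY on every specialization, while the ProcessList.java hunk in this same commit caches it once in mAppDataIsolationEnabled so that it "won't be changed until it's rebooted". With isolation now on by default, a runtime change of the property to false would apparently skip isolateAppData for newly forked apps while already running ones stay isolated, which is the mixed state the Java comment wants to avoid. The default `true` is also a repeated literal in both files, so the two sides can drift apart on a later edit. I would pass the cached decision down from the Java side, or at least record the coupling here with `// Default must match ProcessList's mAppDataIsolationEnabled; re-read on each fork, unlike the Java side, which caches at boot.` Who may set this property is not visible in the hunk and is worth confirming; SpecializeCommon starts and ends outside it.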
diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java
index e11008c246dd..b7f867df04c2 100644
--- a/services/core/java/com/android/server/am/ProcessList.java
+++ b/services/core/java/com/android/server/am/ProcessList.java
@@ -647,11 +647,10 @@ public final class ProcessList {
// Get this after boot, and won't be changed until it's rebooted, as we don't
// want some apps enabled while some apps disabled
mAppDataIsolationEnabled =
- SystemProperties.getBoolean(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, false);
+ SystemProperties.getBoolean(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, true);
mAppDataIsolationWhitelistedApps = new ArrayList<>(
SystemConfig.getInstance().getAppDataIsolationWhitelistedApps());
-
if (sKillHandler == null) {
sKillThread = new ServiceThread(TAG + ":kill",
THREAD_PRIORITY_BACKGROUND, true /* allowIo */);